Configuring the Router

Sep 12, 2014

WCCP configuration
on the router is simple, because most WCCP parameters are set by the
appliances.

Unlike legacy
CloudBridge WCCP support, WCCP clustering uses two service groups for TCP
traffic. One service group is used on the router's WAN interface, and the other
is used on the router's LAN interfaces (except for the LAN interface used by
the CloudBridge appliances themselves, when deployed in L2-mode WCCP cluster).

As shown in the
following figure, you need to configure two service groups because WCCP allows
the mask to be applied to either the source IP or the destination IP address,
which is not quite what is required. To keep connections between two endpoints
together, regardless of which endpoint initiates the connection, the appliance
applies the address mask to the source IP address of incoming WAN traffic, and
to the destination IP address of incoming LAN traffic. This requires two
service groups.

The WAN service
group uses WCCP source-ip address masking, while the LAN service group uses
dest-ip masking. In some deployments, it may be necessary to reverse the
assignments, using the “WAN” service group for your LAN interface and vice
versa. This might occur if the number of local IP addresses greatly exceeds the
number of remote IP addresses.

Figure 1. CloudBridge
WCCP Cluster

To configure
WCCP clustering on the router

This procedure
assumes Cisco routers, but is similar on other routers. It uses the first of
the two methods, discussed above, of redirecting WCCP traffic with an
ip wccp
redirect in statement on both LAN and WAN ports.

In the global declarations
section, declare each service group on the WCCP clustering worksheet, listed as
WAN
service group and
LAN
Service group. For example,
ip
wccp 61 and
ip
wccp 62.

Note: The
ip
wccp command allows, but does not require, a more elaborate syntax
than this, and can specify an ACL name or a password. Both service groups must
have the same password, if one is used. The ACLs can be different.

Inside the interface
declarations for each WAN interface that connects to remote CloudBridge
appliances, add an
ip
wccp x redirect in statement, where
x is the WAN service group from the WCCP clustering
worksheet.

Inside the interface
declarations for each LAN interface (except the one connecting to the WCCP
cluster, if you are using L2 mode), add an
ip
wccp y redirect in statement, where
y is the LAN service group from the WCCP clustering
worksheet.

Save your configuration.

Example. The following
example uses service group 61 for the WAN service group and service group 62
for the LAN service group. Three router interfaces are used. One is connected
to the WAN, one is connected to the LAN, and one is connected to the WCCP
cluster.

Note: If the router
used multiple ports for LAN traffic, each port is configured with an
ip wccp 62
redirect in statement. Similarly, if the router used multiple ports
for WAN traffic, each port is configured with an
ip wccp 61
redirect in statement.

If the router used multiple
ports for LAN traffic, each port is configured with an ip wccp 62 redirect
in statement. Similarly, if the router used multiple ports for WAN
traffic, each port is configured with an
ip wccp
61 redirect in statement.

If multiple routers shared
the same WCCP cluster, they use the same service groups.

It is also possible
to use ip wccp redirect statements on only the WAN interfaces:

In many routers, the
ip wccp
redirect out path is not optimized in hardware, but uses the CPU. If
the router’s capabilities along this path exceeds the WAN speed, this method is
practical, and is simpler than using
redirect statements on every interface.

Router ACLs can be
used to limit redirection. For example, for initial testing, perhaps only a
single remote IP address might be allowed to be redirected through WCCP.